CommandExecutor
The command executor executes a command during a hook.
The command executor takes an argument containing the path to the command to be executed. When executed, this command receives a representation of the jail state on standard input, and may write an updated representation of the jail state to standard output. On successful execution, the command exits with a return code of 0, while a non-zero return code indicates failure.
The command executor supports all hooks.
A command executor with a specific command may be promoted to an executor. The newly created executor runs the specified command; arguments to the executor are passed as command arguments. Further promotion adds further command arguments. Semantics for state passing via standard input/output as well as semantics of return codes are retained upon promotion.
The command executor may execute arbitrary commands and is therefore considered privileged. Promotion restricts which command is executed, and the resulting executor may be marked safe iff the command can be guaranteed not to allow privilege escalation regardless of the parameters passed.
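
The following hook command is an added example, not code from this project. It shows the contract described above (state on standard input, updated state on standard output, return code 0 on success) together with the strict argument validation a command needs before its promoted executor can reasonably be marked safe. Assumptions: the jail state is serialized as a JSON object (the page does not specify the representation), and the `annotations` key, the `run` helper and the return codes 2 and 3 are hypothetical.

```python
#!/usr/bin/env python3
"""Hook command for a promoted command executor (illustrative example)."""
import json
import re
import sys

# Assumption: jail state is a JSON object; "annotations" is a hypothetical key.
# Arguments arrive from the promoted executor, so they are treated as untrusted
# and checked against allow-list patterns.
KEY_RE = re.compile(r"[a-z][a-z0-9_]{0,31}")
VALUE_RE = re.compile(r"[A-Za-z0-9._-]{1,64}")
MAX_STATE_CHARS = 1 << 20  # refuse oversized state rather than process it


def run(argv, stdin_text):
    """Return (return_code, stdout_text) for the given arguments and state.

    Opens no files and spawns no processes, so no argument value can steer
    the command into a privileged action.
    """
    if len(argv) != 2:
        return 2, ""  # wrong number of arguments
    key, value = argv
    if not KEY_RE.fullmatch(key) or not VALUE_RE.fullmatch(value):
        return 2, ""  # argument outside the allow-list
    if len(stdin_text) > MAX_STATE_CHARS:
        return 3, ""
    try:
        state = json.loads(stdin_text)
    except ValueError:
        return 3, ""  # state on stdin is not valid JSON
    if not isinstance(state, dict):
        return 3, ""
    annotations = state.setdefault("annotations", {})
    if not isinstance(annotations, dict):
        return 3, ""
    annotations[key] = value
    return 0, json.dumps(state, sort_keys=True)


def main():
    code, out = run(sys.argv[1:], sys.stdin.read())
    if code == 0:
        sys.stdout.write(out)  # updated state is emitted only on success
    return code


if __name__ == "__main__":
    sys.exit(main())
```

On any failure the command writes nothing to standard output and returns a non-zero code, so a rejected argument never yields a partially updated state.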